libcss: add oss-fuzz support for libcss #14132
boxerab is integrating a new project:
Are you a maintainer of this project? When I look at https://gitlab.collabora.com/libcss/libcss it doesn't seem to match the official one here: https://www.netsurf-browser.org/projects/libcss/ -- the git in the official is different and the git logs have divergence as well. Who are some of the critical users of this project?
see my above comment
Hi David, I have asked the maintainers about adding libcss to oss-fuzz on the netsurf forum, but they have not responded and do not seem interested. My repo is almost identical to the netsurf repo except I have added meson build support - the netsurf libcss will not build independently. I would like to use libcss in another project, GStreamer, and GStreamer maintainers want to have some confidence in code security, so that is why I am submitting the code to oss-fuzz. Any security issues I fix will be submitted back to netsurf libcss as PRs. Here is the GStreamer merge request:
Libcss is a lightweight, open-source CSS parsing and selection library from the NetSurf project. It processes CSS inputs, handling parsing, preprocessing (e.g., ::cue, ID selectors), and style selection via libcss APIs. Fuzzing libcss is critical due to its exposure to untrusted CSS inputs in multimedia pipelines, where malformed stylesheets could trigger crashes, memory corruption, or undefined behavior. Adding this fuzzer to OSS-Fuzz enhances security by testing the parser against random inputs, covering key functions like css_stylesheet_append_data and css_select_style, and detecting potential vulnerabilities in real-world use cases. The fuzzer, css_parse_fuzzer.cc, targets the core parsing logic from gstcssparse.c and uses Meson for building libcss and its submodules (libwapcaplet, libparserutils).
I don't think this is a great match for OSS-Fuzz as it's not clear there are any users of the project. I would recommend using ClusterFuzzLite https://google.github.io/clusterfuzzlite/ which can leverage your OSS-Fuzz setup. Then, run the fuzzing harnesses locally as well, file CVEs for the issues you find and document the coverage on the project's documentation. But the purpose of OSS-Fuzz is to focus more on critical and widespread projects, which, as far as I can tell, libcss is not at this stage. If this ends up landing in GStreamer, then I suggest enabling fuzzing by way of gstreamer itself, as it's already integrated into OSS-Fuzz: https://github.com/google/oss-fuzz/tree/master/projects/gstreamer